Due to fast proliferation and evolution of malware, such as viruses, worms, Trojans, and other types of computer threats, it becomes harder for computer security specialists to keep track of newly emerging threats even using automated malware detection means. Security concerns are even higher when security of confidential or secret personal or corporate information must be protected. Some types of malware are specifically designed to attack computers and applications deployed thereon in order to collect confidential or secret user and system information. Therefore, security applications, such as antivirus programs and firewalls, must be configured to protect critical system and application objects from unauthorized access.
One mechanism for system protection from malware is “sandboxing”, in which untrusted programs are executed in a secure virtual environment. The execution of a program can be limited to exclude access to the critical areas or processes of the host system or applications deployed thereon. However, known sandboxing techniques have limitations. For example, they may be ineffective when the host system is already infected by the malware. Also, they do not allow filtering of system calls made from the untrusted program based on types of operations other than read/write operations and analysis of requests using different malware detection algorithms. Accordingly, there is need for an improved sandboxing mechanism for protection of a host computer and applications deployed thereon from malware.